[原文]Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.

-
漏洞描述

Telindus Routers contain a flaw that allows a remote attacker to discover the software revision number, router name and administrative password. The issue is due to the device providing this information unencrypted to router management software upon request. If an attacker spoofs the same type of request, the router will disclose the information without any further authentication checks.

-
时间线

公开日期:
2002-06-28

发现日期:
Unknow

利用日期:2002-06-28

解决日期:Unknow

-
解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: filter traffic to UDP port 9833.

-
受影响的程序版本

-
漏洞讨论

The 1100 series routers are a broadband connectivity solution distributed by Telindus.

Under some circumstances, a vulnerable Telindus router may leak sensitive information. When an attempt to connect to the router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP.

**The vendor has released firmware version 6.0.27, dated July 2002. Reports suggest that this firmware does not adequately protect against this vulnerability. The firmware is reported to use an encrypted UDP packet when connecting to the router. However, the firmware uses a weak encryption scheme and thus it is easily circumvented by an attacker.

-
漏洞利用

No exploit is required for this vulnerability.

An exploit has been made available by &lt;rubik@olografix.org&gt;.

A sniffer application called TSniffer has been developed to exploit this issue by Arescom. TSniffer can be obtained from the following location:http://net.supereva.it/noobsaibot.superdada/tsniffer/tslib.zip_